/*
 * To change this template, choose Tools | Templates
 * and open the template in the editor.
 */
package jade.imtp.leap;

//#J2ME_EXCLUDE_FILE

import jade.util.*;
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

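/**
 * Helper class for the SSL/TLS setup used by the LEAP IMTP.
 *
 * <p>It builds {@link SSLContext} instances either with key material loaded
 * from the keystore named by the standard JSSE system properties
 * ({@code javax.net.ssl.keyStore} / {@code javax.net.ssl.keyStorePassword})
 * or, when no readable keystore is found, without any key material.
 *
 * <p>Security notes for anyone deploying or reviewing this class:
 * <ul>
 *   <li>The only advertised cipher suite, see {@link #supportedKeys}, is an
 *       anonymous one: it gives no peer authentication and relies on RC4 and
 *       MD5.</li>
 *   <li>{@link #createContext()} falls back to a hard-coded keystore name and
 *       passphrase.</li>
 *   <li>{@link #createContext(String, String)} writes JVM-wide system
 *       properties, so the keystore password stays readable through
 *       {@code System.getProperty} for the lifetime of the process.</li>
 * </ul>
 *
 * @author eduard
 */
public class SSLHelper {

    /** JSSE system property that names the keystore file. */
    private static final String KEYSTORE_PROPERTY = "javax.net.ssl.keyStore";

    /** JSSE system property that holds the keystore password. */
    private static final String KEYSTORE_PASSWORD_PROPERTY = "javax.net.ssl.keyStorePassword";

    /**
     * Cipher suites this helper advertises as supported.
     *
     * <p>SECURITY: {@code SSL_DH_anon_WITH_RC4_128_MD5} uses anonymous
     * Diffie-Hellman, so neither side proves its identity and an active
     * man-in-the-middle cannot be detected; RC4 and MD5 are both deprecated.
     * Current JREs typically disable anonymous and RC4 suites through
     * {@code jdk.tls.disabledAlgorithms}. The value is left unchanged here
     * because it is part of the public interface and both peers must agree on
     * it; prefer an authenticated suite and a context created by
     * {@link #createContextWithAuth()} wherever the channel crosses a trust
     * boundary.
     */
    public static final List supportedKeys =
            Collections.unmodifiableList(Arrays.asList(new String[] {"SSL_DH_anon_WITH_RC4_128_MD5"}));

    /**
     * Returns the supported cipher suite names as a fresh array.
     *
     * @return a new array holding the entries of {@link #supportedKeys}
     */
    public static String[] getSupportedKeys() {
        return (String[]) supportedKeys.toArray(new String[0]);
    }

    private SSLHelper() {
        // static utility class, not meant to be instantiated
    }

    /**
     * Decides whether an authenticated context should be created for the given
     * keystore.
     *
     * <p>TODO FIXME: for now this only checks that the file can be read; it
     * does not verify that the file is a valid keystore.
     *
     * @param keystore path of the keystore file, may be {@code null}
     * @return {@code true} when the file can be read, {@code false} when it
     *         cannot or when {@code keystore} is {@code null}
     */
    public static boolean needAuth(String keystore) {
        // new File(null) throws NullPointerException; a missing keystore name
        // simply means there is no keystore to read.
        if (keystore == null) {
            return false;
        }
        return new File(keystore).canRead();
    }

    /**
     * Calls {@link #needAuth(java.lang.String)} with the value of the
     * {@code javax.net.ssl.keyStore} system property.
     *
     * @return {@code true} when the property is set and names a readable file
     */
    public static boolean needAuth() {
        return needAuth(System.getProperty(KEYSTORE_PROPERTY));
    }

    /**
     * Creates a context using the built-in defaults {@code "keystore"} and
     * {@code "passphrase"} when the JSSE system properties are not set.
     *
     * <p>SECURITY: the default passphrase is a hard-coded, publicly known
     * value. Deployments that rely on keystore authentication should set
     * {@code javax.net.ssl.keyStore} and {@code javax.net.ssl.keyStorePassword}
     * explicitly, or call {@link #createContext(String, String)}.
     *
     * @return the initialised context
     * @throws ICPException when the context cannot be created
     */
    public static SSLContext createContext() throws ICPException {
        return createContext("keystore", "passphrase");
    }

    /**
     * Creates a context, with key material when a readable keystore is
     * configured and without it otherwise.
     *
     * <p>Side effect: when the corresponding system property is unset, the
     * argument is stored in it. System properties are JVM-wide, so the values
     * (including the password) become visible to all code in the process.
     * Both arguments must be non-null when they are needed as defaults,
     * because {@code System.setProperty} rejects a null value.
     *
     * @param keystore will be used if javax.net.ssl.keyStore is not set
     * @param passphrase will be used if javax.net.ssl.keyStorePassword is not set
     * @return the initialised context
     * @throws ICPException when the context cannot be created
     */
    public static SSLContext createContext(String keystore, String passphrase) throws ICPException {
        // Fill in defaults only; explicitly configured properties win.
        if (System.getProperty(KEYSTORE_PROPERTY) == null) {
            System.setProperty(KEYSTORE_PROPERTY, keystore);
        }
        if (System.getProperty(KEYSTORE_PASSWORD_PROPERTY) == null) {
            System.setProperty(KEYSTORE_PASSWORD_PROPERTY, passphrase);
        }

        if (!needAuth()) {
            // No readable keystore: the context carries no key material.
            return createContextNoAuth();
        }

        Logger logger = Logger.getLogger(SSLHelper.class.getName());
        if (logger.isLoggable(Logger.FINE)) {
            logger.log(Logger.FINE, "keyStore found!");
        }
        return createContextWithAuth();
    } // end createContext

    /**
     * Creates an SSLContext without a keystore or truststore.
     *
     * <p>All three arguments of {@code SSLContext.init} are {@code null}, so
     * the JSSE defaults of the installed providers are used for key managers,
     * trust managers and the random source.
     *
     * @return the initialised context
     * @throws ICPException when the context cannot be created
     */
    public static SSLContext createContextNoAuth() throws ICPException {
        try {
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(null, null, null);
            return ctx;
        } catch (Exception e) {
            throw new ICPException("Error creating SSLContext.", e);
        }
    }// end createContextNoAuth

    /**
     * Creates an SSLContext with a keystore; no explicit truststore is used.
     *
     * <p>The keystore location and password are read from the
     * {@code javax.net.ssl.keyStore} and {@code javax.net.ssl.keyStorePassword}
     * system properties, and the keystore is loaded as type {@code JKS}. The
     * trust manager argument is {@code null}, so peer certificates are checked
     * by the JSSE default trust managers. A missing property surfaces as an
     * {@link ICPException} whose cause is the underlying
     * {@code NullPointerException}.
     *
     * @return the initialised context
     * @throws ICPException when the keystore cannot be read or the context
     *         cannot be created
     */
    public static SSLContext createContextWithAuth() throws ICPException {
        try {
            // open keystore
            char[] passphrase = System.getProperty(KEYSTORE_PASSWORD_PROPERTY).toCharArray();
            KeyStore ks = KeyStore.getInstance("JKS");
            FileInputStream in = new FileInputStream(System.getProperty(KEYSTORE_PROPERTY));
            try {
                ks.load(in, passphrase);
            } finally {
                // Always release the file handle; the original code leaked it.
                try {
                    in.close();
                } catch (java.io.IOException ignored) {
                    // Closing a read-only stream failed: nothing to recover,
                    // and it must not mask an exception thrown by load().
                }
            }
            // init KeyManager
            KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
            kmf.init(ks, passphrase);
            // create and init context
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), null, null);
            return ctx;
        } catch (Exception e) {
            throw new ICPException("Error creating SSLContext.", e);
        }
    }// end createContextWithAuth
}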
